﻿using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data.SqlClient;
using System.Linq;
using System.Web;
using System.Web.Configuration;
using System.Web.UI;
using System.Web.UI.WebControls;
using HPIT_Library_BLL;
using HPIT_Library_Modal;

namespace HPIT_Library
{
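    /// <summary>
    /// Code-behind for the login page. Three iterations of the same login check are
    /// kept for reference: raw ADO.NET, a DbHelper wrapper, and the three-tier
    /// (BLL) version, which is the only one still active.
    /// </summary>
    public partial class Library : System.Web.UI.Page
    {
        /// <summary>
        /// Page load handler; intentionally does nothing.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {

        }

        /// <summary>
        /// Login button handler: reads the submitted user name and password, asks the
        /// business layer to verify them, then either shows an error or redirects to
        /// the index page.
        /// </summary>
        /// <param name="sender">The control that raised the click event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void Button1_Click(object sender, EventArgs e)
        {
            // Both values come straight from the request and are untrusted.
            var userName = txt_Name.Value;
            var passWord = txt_Password.Value;
            #region ASP.NET version


            // NOTE(review): the literal below connects as "sa" with the password embedded in
            // source. Keep connection strings in configuration (as the following line does)
            // and use a least-privilege database account.
            //string StrCoon = "Data Source=.;Initial Catalog=Library;uid=sa;pwd=123456";// database connection string
            //string StrCoon =ConfigurationManager.ConnectionStrings["LibraryDB"].ConnectionString;
            //using( SqlConnection coon = new SqlConnection(StrCoon)){ // connection object
            //    var sql = $"select COUNT(*) from [Login] where useName=@userName and password=@password";// SQL statement to execute
            //   // Prevent SQL injection attacks
            //   // 1. string checking/filtering  2. parameterized queries
            //   // (parameterization is the dependable defence; string filtering alone is not)
            //    SqlParameter[] parm = { // create a SqlParameter array
            //        new SqlParameter("@userName",userName),
            //        new SqlParameter("@password",passWord),
            //    }; 
            //    SqlCommand cmd = new SqlCommand(sql, coon);
            //    cmd.Parameters.AddRange(parm);
            //    coon.Open();// open the database connection (Open method)
            //    int count = Convert.ToInt32(cmd.ExecuteScalar());// execute and return the first column of the first row
            //    //coon.Dispose();
            //    if (count>0)
            //    {
            //        Response.Redirect("/Index.aspx");
            //    }else
            //    {
            //        Label1.Text = "账号或密码错误";
            //    }
            //}
            #endregion

            #region DBHelper version
            //// Build the SQL statement
            //var sql = $"select COUNT(*) from [Login] where useName=@userName and password=@password";
            //// Execute the SQL statement; 2. parameterized filtering
            //SqlParameter[] parm = { // create a SqlParameter array
            //        new SqlParameter("@userName",userName),
            //        new SqlParameter("@password",passWord),
            //    };
            //int count = Convert.ToInt32(DbHelper.ExecuteScalar(sql, parm));
            //if (count > 0)
            //{
            //    Response.Redirect("/Index.aspx");
            //}
            //else
            //{
            //    Label1.Text = "账号或密码错误";
            //}
            #endregion

            #region Three-tier version
            // NOTE(review): the password is handed to the BLL as submitted, and the earlier
            // queries above compare it directly against the [Login].password column. That
            // suggests plaintext storage; confirm the BLL/DAL compares against a salted
            // password hash instead.
            LoginInfo login = LoginManger.Login(userName, passWord);
            if (login == null)
            {
                // One message for both failure causes, so the response does not say
                // whether the user name or the password was wrong.
                Label1.Text = "账号或密码错误";
            }
            else
            {
                // Percent-encode the user name before putting it in the query string.
                // Unencoded, characters such as '&', '#', '=' or non-ASCII text would
                // truncate the value or add extra parameters to the redirect URL.
                //
                // NOTE(review): nothing visible in this handler establishes server-side
                // authenticated state (session or forms-auth ticket). If Index.aspx relies
                // on the Name parameter, anyone can request that URL directly with any
                // name; the target page should read identity from server-side state and
                // treat Name as display-only, untrusted input. The query string also ends
                // up in server logs and browser history.
                Response.Redirect("/Index.aspx?Name=" + Uri.EscapeDataString(userName ?? string.Empty));
            }
            #endregion

        }
    }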
}